SA-MP Forums Archive
[Tool/Web/Other] Nobody's Firewall - Protection against query/cookie flood. - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Filterscripts (https://sampforum.blast.hk/forumdisplay.php?fid=17)
+---- Forum: Tools and Files (https://sampforum.blast.hk/forumdisplay.php?fid=82)
+---- Thread: [Tool/Web/Other] Nobody's Firewall - Protection against query/cookie flood. (/showthread.php?tid=638237)


[C] Nobody's Firewall - Protection against query/cookie flood. - SlowARG - 28.07.2017

Nobody's Firewall
Simple firewall that protect your server against query/cookie flood.
Current version: 0.1 BETA FIX #2.

••• Description •••
Nobody Firewall (aka nfwall) is a simple —but powerful— firewall for SA-MP that protect your server against query flood/cookie flood attacks.

••• Why? •••
I didn't program for some years ago and i've retired from SA-MP. Recently a friend asked me for help with pawn and... I don't know, simply i want'd to program in C again and i noticed that the actual anti 'server full' attacks haven't been updated for some months, so i decided to work in a new firewall that protect the servers against known query flood and the cookie flood for SA-MP 0.3.7.

••• Features •••
Open Source.
Programmed purely in C.
Use lipbcap.
Ban logs.
Debug mode.
Actually runs only on Linux (i will relese a multi-so version soon).

••• Dependences •••
libpcap. (https://github.com/the-tcpdump-group/libpcap)

••• Downloads •••
https://github.com/n0bodysec/NobodyFirewall
Licensed under GNU General Public License v3.

••• Special thanks •••
n3ptun0 (aka Stella) for his firewall for SA-MP 0.3e.
Silver Moon for his base code.


Y̶u̶p̶,̶ ̶a̶ ̶p̶o̶o̶r̶ ̶p̶o̶s̶t̶.̶

Greetings!
Nobody.

Re: Nobody's Firewall - Protection against query/cookie flood. - Ouizzane - 30.07.2017

Impressive, we wait for the new version for windows with impatience.

Re: Nobody's Firewall - Protection against query/cookie flood. - azzerking - 22.08.2017

Cool Idea,

But one problem is the loopback address can be faked, and any experienced programmer with some hacking knowledge will know this.

Don't ignore any address, treat all as a possible threat.

I am an experienced Ethical Hacker / Software and Network Engineer and I myself have made the same mistake a couple of years ago, so maybe update the code to not ignore the loopback address.

Re: Nobody's Firewall - Protection against query/cookie flood. - denNorske - 24.08.2017

Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make":

Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
   ^
nfwall.c: In function ‘ProcessSAMPPacket’:
nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code
nfwall.c: In function ‘ProcessCookiePacket’:
nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c: In function ‘CheckIfExists’:
nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
nfwall.c: In function ‘threadReload’:
nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
make: *** [all] Error 1
Any idea if this is system or code related issue?

Re: Nobody's Firewall - Protection against query/cookie flood. - azzerking - 25.08.2017

Quote:
Originally Posted by denNorske
View Post
Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make":

Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
   ^
nfwall.c: In function ‘ProcessSAMPPacket’:
nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code
nfwall.c: In function ‘ProcessCookiePacket’:
nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c: In function ‘CheckIfExists’:
nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
nfwall.c: In function ‘threadReload’:
nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
make: *** [all] Error 1
Any idea if this is system or code related issue?
What version of gcc do you currently have installed?

Also you can just add '-std=c99' to the makefile in order to invoke a C99 compiler.

Calling /usr/bin/c99 instead of /usr/bin/gcc on an Ubuntu system, this points to a script which invokes gcc after having added the -std=c99 flag, which is precisely what you want

Re: Nobody's Firewall - Protection against query/cookie flood. - blackgangs - 25.08.2017

Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
make: gcc: Command not found
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 127
any idea?

Re: Nobody's Firewall - Protection against query/cookie flood. - azzerking - 26.08.2017

Quote:
Originally Posted by blackgangs
View Post
Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
make: gcc: Command not found
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 127
any idea?
You need to install gcc

depending on what version of your OS supports.

apt-get install gcc-*.* ( replacing * with the version of gcc, you wish to install)

Re: Nobody's Firewall - Protection against query/cookie flood. - denNorske - 26.08.2017

Quote:
Originally Posted by azzerking
View Post
What version of gcc do you currently have installed?

Also you can just add '-std=c99' to the makefile in order to invoke a C99 compiler.

Calling /usr/bin/c99 instead of /usr/bin/gcc on an Ubuntu system, this points to a script which invokes gcc after having added the -std=c99 flag, which is precisely what you want
Thanks, I'll give it a try

Re: Nobody's Firewall - Protection against query/cookie flood. - blackgangs - 26.08.2017

Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:10: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
          ^
/tmp/ccjeHIRl.o: In function `main':
nfwall.c:(.text+0x4b): undefined reference to `pthread_create'
nfwall.c:(.text+0x1ca): undefined reference to `pcap_findalldevs'
nfwall.c:(.text+0x23c): undefined reference to `pcap_open_live'
nfwall.c:(.text+0x295): undefined reference to `pcap_setdirection'
nfwall.c:(.text+0x2b3): undefined reference to `pcap_loop'
collect2: error: ld returned 1 exit status
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 1
another problem came..

Respuesta: Re: Nobody's Firewall - Protection against query/cookie flood. - SlowARG - 26.08.2017

Quote:
Originally Posted by denNorske
View Post
Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make":

Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
   ^
nfwall.c: In function ‘ProcessSAMPPacket’:
nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code
nfwall.c: In function ‘ProcessCookiePacket’:
nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c: In function ‘CheckIfExists’:
nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
nfwall.c: In function ‘threadReload’:
nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
make: *** [all] Error 1
Any idea if this is system or code related issue?
Try the new version i uploaded right now, you don't need to use c99 compiler.

Quote:
Originally Posted by blackgangs
View Post
Code:
~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:10: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
          ^
/tmp/ccjeHIRl.o: In function `main':
nfwall.c:(.text+0x4b): undefined reference to `pthread_create'
nfwall.c:(.text+0x1ca): undefined reference to `pcap_findalldevs'
nfwall.c:(.text+0x23c): undefined reference to `pcap_open_live'
nfwall.c:(.text+0x295): undefined reference to `pcap_setdirection'
nfwall.c:(.text+0x2b3): undefined reference to `pcap_loop'
collect2: error: ld returned 1 exit status
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 1
another problem came..
Try to use -pthread instead of -lpthread in Makefile. Anyway, i edited Makefile in the new version, you can try with it.

Quote:
Originally Posted by azzerking
View Post
Cool Idea,

But one problem is the loopback address can be faked, and any experienced programmer with some hacking knowledge will know this.

Don't ignore any address, treat all as a possible threat.

I am an experienced Ethical Hacker / Software and Network Engineer and I myself have made the same mistake a couple of years ago, so maybe update the code to not ignore the loopback address.
Take a look to Martian packet and Bogon filtering.

Best Regards!

Re: Respuesta: Re: Nobody's Firewall - Protection against query/cookie flood. - azzerking - 27.08.2017

Quote:
Originally Posted by SlowARG
View Post
Try the new version i uploaded right now, you don't need to use c99 compiler.



Try to use -pthread instead of -lpthread in Makefile. Anyway, i edited Makefile in the new version, you can try with it.



Take a look to Martian packet and Bogon filtering.

Best Regards!
Whoops, I apologize I overlooked the part of code where you were using this system. I am aware of this type of filtering, something I had to learn a few years ago when I first starting working for IBM.

Good Work, though.

Respuesta: Re: Respuesta: Re: Nobody's Firewall - Protection against query/cookie flood. - SlowARG - 27.08.2017

Quote:
Originally Posted by azzerking
View Post
Whoops, I apologize I overlooked the part of code where you were using this system. I am aware of this type of filtering, something I had to learn a few years ago when I first starting working for IBM.

Good Work, though.
No problem, anyway thank you for the suggestion.

Regards.

Re: [C] Nobody's Firewall - Protection against query/cookie flood. - RDM - 27.08.2017

Quote:
Originally Posted by SlowARG
View Post
Nobody's Firewall
Simple firewall that protect your server against query/cookie flood.
Current version: 0.1 BETA FIX #2.

••• Description •••
Nobody Firewall (aka nfwall) is a simple —but powerful— firewall for SA-MP that protect your server against query flood/cookie flood attacks.

••• Why? •••
I didn't program for some years ago and i've retired from SA-MP. Recently a friend asked me for help with pawn and... I don't know, simply i want'd to program in C again and i noticed that the actual anti 'server full' attacks haven't been updated for some months, so i decided to work in a new firewall that protect the servers against known query flood and the cookie flood for SA-MP 0.3.7.

••• Features •••
Open Source.
Programmed purely in C.
Use lipbcap.
Ban logs.
Debug mode.
Actually runs only on Linux (i will relese a multi-so version soon).

••• Dependences •••
libpcap. (https://github.com/the-tcpdump-group/libpcap)

••• Downloads •••
https://github.com/n0bodysec/NobodyFirewall
Licensed under GNU General Public License v3.

••• Special thanks •••
n3ptun0 (aka Stella) for his firewall for SA-MP 0.3e.
Silver Moon for his base code.


Y̶u̶p̶,̶ ̶a̶ ̶p̶o̶o̶r̶ ̶p̶o̶s̶t̶.̶

Greetings!
Nobody.
I think this is a bit unnecessary since it is possible to do the control you did using iptables with the recent module!

But anyway congratulations! Good job !

Respuesta: Re: [C] Nobody's Firewall - Protection against query/cookie flood. - SlowARG - 27.08.2017

Quote:
Originally Posted by RDM
View Post
I think this is a bit unnecessary since it is possible to do the control you did using iptables with the recent module!

But anyway congratulations! Good job !
Yeah, you are right, but i prefer to control my network packets with C, it has a little advantages.

For example, it works for each port and not only for 7777 and regex isn't necessary.
Anyway, it's so good to show all possibilities to mitigate an attack.

Thank you!
Regards.